Enforcing Policies in Pervasive Environments

This paper presents a proof of concept implementation of a
security infrastructure for mobile devices in a pervasive environment. The security infrastructure primarly consists of two parts, the policy engine and the policy enforcement mechanism. Each mobile device within a pervasive environment is
equipped with its own policy enforcement mechanism and is
responsible for protecting its resources. A mobile device consults the nearest policy server, notifies its current state including
its present user, network presence, other accessible devices and location information if available. Using this information
the policy server queries the Rei engine to dynamically create a policy certificate and issues it to the requesting device. The system wide policy is described in a semantic language Rei, a lightweight and extensible language that is able to express comprehensive policies using domain specific information.
The Rei policy engine is able to dynamically decide what rights, prohibitions, obligations, dispensations an actor has on the domain actions. A policy certificate, which contains the set of granted permissions and the scope within which the permissions are valid, is created and issued to the device. The policy certificate can be revoked by the policy enforcer based on expiration of the validity period or a combination of timeout, loss of contact with an assigned network.
X.509 based Public Key Infrastructure is used to provide
identification and authentication.